Nico Williams <n...@cryptonector.com> writes:

>If we want a policy of limiting what cipher suites we allocate codepoints to
>then we should have an *explicit* policy, and we should not wimp out when it
>comes time to enforcing it.

It'll never work, people will clamour for their pet vanity ciphers no matter what you say or do. We need something that meets the following two goals:

- A standardised, minimal selection for interoperability.
- The ability to add any vanity suites that people want.

Whether anyone likes it or not, that's the reality. So we need to provide a sane cipher-suite mechanism with a standard, minimal selection for interoperability, and some escape-mechanism for vanity suites where people who want vanity algorithms can create as big a mess as they like.

>So how well did cartesian explosion work as an implicit anti-vanity cipher
>suite policy then? Not very well, evidently! :)

I think it worked quite well, there are maybe half-a-dozen suites that everything does quite nicely, another half-dozen to a dozen that most things do, and then 320 - 12-or-so that pretty much everyone ignores. I know that if I implement RSA-3DES-SHA1 and RSA-AES-SHA1 I can talk to... well probably close to 100% of everything out there, with just two suites. Heck, I could probably just hardcode in RSA-3DES-SHA1 and be done with it. That's what fixed-config suites have given us.

>Please, let's go for an a-la-carte system.

Please, let's not ever try that. Anyone who asks for an a-la-carte system should have to first implement RFC 2409, and get it to interop with other implementations. Or at a minimum TLS 1.2 ECC with BrainPool curves. Only then will they be qualified to comment on the merits of a-la-carte.

Peter.